Thursday, February 14, 2008

Cisco bandwidth statement

IGRP, EIGRP, and OSPF all use the bandwidth statement.
TCP will also adjust its initial retransmission parameters based on the bandwidth configured on the interface.

OSPF uses cost as its routing metric, which it calculates using bandwidth.

OSPF takes 10^8 and divides it by the bandwidth of the interface. To calculate the cost of a full T1, OSPF divides 100,000,000 by 1,544,000, which returns an OSPF cost of 64.
(Cisco routers don't use floating-point math, so they drop the numbers after the decimal.)

On the other hand, EIGRP uses the bandwidth of the link to calculate its routing metric.
EIGRP metric formula:

metric = [K1*bandwidth + (K2*bandwidth)/(256 - load) + K3*delay] * [K5/(reliability + K4)]

Example:

interface Serial0/0
bandwidth 128
ip address X.X.X.X 255.255.255.0

This command has only one option—the bandwidth, in kilobits, of the interface.

Router(config-if)# bandwidth ?
<1-10000000> Bandwidth in kilobits
Router(config-if)#bandwidth

There are always default bandwidth values set for each type of interface, such as the Serial interface:

Router# show interface s0/0
Serial0/0 is administratively down, line protocol is down
Hardware is PowerQUICC Serial
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,

In the case of a serial interface, the default bandwidth is 1,544 K (or a full T1 circuit).
However, you could have a fractional T1 circuit, and the default may be incorrect.

Wednesday, February 6, 2008

IPSec Configurations

This is a simple IPSec configuration between two 7200 routers, Kif (192.168.0.6/30) and Zapp (192.168.0.10/30), both going through a third 7200, Leela (192.168.0.5/30 and 192.168.0.9/30 respectively). You need connectivity from Kif to Zapp before you start, so go ahead and pick your favorite routing protocol and add something like this to all three:
!
router ospf 1
log-adjacency-changes
redistribute connected subnets
network 192.168.0.0 0.0.0.255 area 0


The diagram is here:





** One thing to note: anything that I have defined in the config I have put in upper-case lettering. It should be easy to spot things that you need to input as opposed to what is part of the default commands.

• We're going to start with the configuration from Kif and then show you at the end the commands that will be different on Zapp. The first thing we want to do is define the Internet Key Exchange (IKE) policy. Here we are using Internet Security Association and Key Management Protocol (ISAKMP) for IKE phase 1 negotiation:
!
crypto isakmp policy 1


- The next part of this configuration specifies the hash and authentication method:
!
hash md5
authentication pre-share


- Now we set the pre-shared key and our peer address:
!
crypto isakmp key CISCO address 192.168.0.10


• Now we move on to the transform set, which is a mix of security protocols and algorithms:
!
crypto ipsec transform-set DES1 esp-des esp-md5-hmac

- As you can see I put in the "DES1" statement. That's the name we are using for this transform set. We will see it again later in the configuration.


• Moving on to the crypto map:
!
crypto map DES1_MAP 1 ipsec-isakmp


- Now we set the peer address (same one that we put in the key command above):
!
set peer 192.168.0.10


- Now here is the transform set we defined earlier:
!
set transform-set DES1


- And finally the always confusing match statement. This says anything that matches the ACL we defined (in this case 115) needs to pass through this convoluted configuration we have constructed:
!
match address 115


- Here is ACL 115 so you can see what we have said needs to pass through this:
!
access-list 115 permit ip host 192.168.0.6 host 192.168.0.10

____________________________________________

• Now here are the differences in the config for Zapp:
!
- Crypto address needs to point to the peer
crypto isakmp key CISCO address 192.168.0.6 -> this is the IP of Kif's FastEthernet 1/1


- Under crypto map DES1_MAP 1 ipsec-isakmp
set peer 192.168.0.6 -> we know what this is...
!

- ACL needs to be reversed
access-list 115 permit ip host 192.168.0.10 host 192.168.0.6

And that's it! A huge amount of typing and head scratching to make something so simple work. Let's hope we can put this in the time capsule and open it in five years and laugh...
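
An added example, not part of the original post: a Python check that the Kif and Zapp settings above mirror each other (pre-shared key compared case-sensitively, key address against `set peer`, reversed ACL, same transforms) and that lists the DES and MD5 keywords, both deprecated algorithms. The `KIF` and `ZAPP` strings are constructed from the commands in the post, and the function names are hypothetical.

```python
import re

# Constructed inputs: Kif's commands as listed in the post; Zapp is the same
# with the two addresses swapped, as the post describes.
KIF = """\
crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key CISCO address 192.168.0.10
crypto ipsec transform-set DES1 esp-des esp-md5-hmac
crypto map DES1_MAP 1 ipsec-isakmp
 set peer 192.168.0.10
 set transform-set DES1
 match address 115
access-list 115 permit ip host 192.168.0.6 host 192.168.0.10
"""
ZAPP = (KIF.replace("192.168.0.10", "@").replace("192.168.0.6", "192.168.0.10")
           .replace("@", "192.168.0.6"))
PATTERNS = {  # fields that must agree (or mirror) between the two peers
    "key": r"^crypto isakmp key (\S+) address (\S+)",
    "peer": r"^\s*set peer (\S+)",
    "transforms": r"^crypto ipsec transform-set \S+ (.+)$",
    "acl": r"^access-list \d+ permit ip host (\S+) host (\S+)",
}
WEAK = {"md5", "esp-des", "esp-md5-hmac"}  # deprecated algorithms used above

def parse(cfg):
    """Return {field: tuple of captured values, or None if the line is absent}."""
    found = {k: re.search(p, cfg, re.M) for k, p in PATTERNS.items()}
    return {k: m.groups() if m else None for k, m in found.items()}

def check_pair(a_cfg, b_cfg):
    """List the mismatches that would stop the tunnel; empty means consistent."""
    a, b = parse(a_cfg), parse(b_cfg)
    if None in a.values() or None in b.values():
        return ["a required line is missing from one config"]
    out = []
    if a["key"][0] != b["key"][0]:
        out.append("pre-shared keys differ (compared case-sensitively)")
    if a["key"][1] != a["peer"][0] or b["key"][1] != b["peer"][0]:
        out.append("key address and 'set peer' disagree on one router")
    if a["acl"] != b["acl"][::-1]:
        out.append("crypto ACLs are not mirror images")
    if a["transforms"][0].split() != b["transforms"][0].split():
        out.append("transform sets differ")
    return out

def weak_algorithms(cfg):
    """Return the deprecated algorithm keywords present in a config."""
    return sorted(WEAK & set(cfg.split()))
```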